Danger Inside: Where Counterfeit Chips LurkDanger Inside: Where Counterfeit Chips Lurk

If chip counterfeiters can sneak their wares onto nuclear submarines, they can get them into your networks, too.

The use of counterfeit electronic components is not a new issue. However, the IT community must be periodically reminded that the problem persists, especially in network components used in products from Cisco and others.

As I've written previously on No Jitter, counterfeit chips can be installed anywhere in any system. Not only can they cause a system to fail, but also can even lead to fires. They can compromise security. For my previous blogs on counterfeit chips, see:

Ujjwal Guin, a PhD candidate in electrical and computer engineering at the University of Connecticut, has been working in this field for the last four years and has published several journal and conference papers on counterfeit chips. His recent book Counterfeit Integrated Circuits: Detection and Avoidance helps readers become aware of the counterfeiting of integrated circuits (ICs). (Click here for more of his, and other, work on counterfeit issues and resolutions).

In an email interview, Guin responded to my questions on chip/IC counterfeiting. He uses publically reported government experiences as examples of counterfeit problems; determining the impact on enterprises is much more difficult because companies rarely publicize their counterfeiting discoveries.

How many devices are affected by counterfeit chips?
Guin: Virtually all electronic systems, including [those in the] defense and aerospace industry, are candidates for counterfeit chips. Due to the rapid increase in counterfeiting and piracy, it was predicted that the global market for counterfeit goods is likely to be more than double to $1.7 trillion by the end of 2015.

The five most commonly counterfeited components represent $169 billion in potential annual risk for the global electronics supply chain. The components are analog ICs, microprocessor ICs, memory ICs, programmable logic ICs, and transistors. Together, these five types of components make up around 68% (or slightly more than two-thirds) of all the counterfeit incidents reported in 2011.

What is the impact of counterfeit chips on network technologies?
Guin: The Department of Justice post, "Departments of Justice and Homeland Security Announce 30 Convictions, More Than $143 Million in Seizures from Initiative Targeting Traffickers in Counterfeit Network Hardware," covers this topic. The post states, "Operation Network Raider, a domestic and international enforcement initiative targeting the illegal distribution of counterfeit network hardware manufactured in China, has resulted in 30 felony convictions and more than 700 seizures of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million."

Why should enterprises/governments be concerned about the counterfeiting?
Guin: There are numerous incidents that mention the vulnerability of [the Department of Defense] supply chain. Over the past couple of years, numerous reports have pointed to counterfeiting issues in the U.S. electronics component supply chain. One particularly prominent example of this problem is dramatized by the incident of Stephanie McCloskey, an administrator at VisionTech Components, LLC, who was sentenced to 38 months in prison for selling counterfeit ICs to the U.S. military and other crucial industries.

In November of 2010, McCloskey pled guilty to a federal charge of conspiracy to traffic counterfeit goods and mail fraud. Between 2006 and 2010, McCloskey conspired with Shannon L. Wren, the late owner of VisionTech to acquire counterfeit devices from China and Hong Kong, import them into various ports across the U.S., and market them on the VisionTech website as name-brand, trademark-protected ICs.

From January 1, 2007, through December 31, 2009, Wren, McCloskey, and others generated nearly $15.8 million in gross receipts from the sale of their counterfeit ICs. The McCloskey conviction marked the first time anyone had been sentenced in a federal courtroom for trafficking ICs.

Another case in point of IC counterfeiting is Peter Picone, a 41-year-old man from Methuen, Mass., who pled guilty in 2014 to importing thousands of counterfeit ICs from China and Hong Kong in order to resell them to U.S. customers. What transforms this case from the banal to the insidious is the fact that Picone targeted not only private consumers but also contractors who supplied these counterfeit ICs to the U.S. Navy for use in nuclear submarines. The contractors supplying the Navy specifically requested ICs that were new and not manufactured in China. Picone assured these contractors that the ICs were new and manufactured in Europe. However, tests conducted by the Navy have since revealed that the ICs purchased from Picone had been resurfaced to change the date code and to affix counterfeit marks, all in order to hide the parts' true origin.

In 2011, the U.S. Senate Armed Services Committee reported about a grave counterfeiting incident, where the ice detection module on a new P-8A Poseidon aircraft was found to have counterfeit IC components. The ice detection system on an aircraft is a critical module that alerts pilots about the presence of ice on an aircraft's control surface, a potentially life-threatening situation. The module was found with an FPGA unit that had literally fallen out of its sockets and was found inside the module. On further inspection, it was found that the Xilinx FPGA component, which was badly used, worn out, and was a discontinued model, was sold to BAE Systems, the P-8 aircraft component contractor, by Tandex Test Labs in California. Tandex had bought the component through an independent distributor that had acquired the part through a manufacturer in Shenzhen, China. Further investigation revealed that the module was reworked and had found its way through the supply chain to the P-8A aircraft.

What are the financial losses for the vendors, enterprises, and government?
Guin: Counterfeit ICs are of great concern to industry and government because a system malfunction can present situations that cause mission failures and health or safety concerns. The potential for loss and tragedy caused by such devices could be significant for electronic systems supporting a number of sectors (e.g., medical, aerospace, defense, automotive, banking, energy/smart-grid, etc.).

Do you have any cases where counterfeit chips affected enterprise or government operations or caused safety problems?
Guin: In another incident in 2011, the display units onboard U.S. military aircrafts were found with counterfeit electronic components. The units, manufactured by L-3 Communication Display System, were meant for pilots to diagnose critical data such as engine fuel, location, and warning messages. Although any possible disasters were averted, a thorough investigation was conducted by L-3 and the Senate Armed Services Committee, which traced the counterfeit components to Hong Dark Electronic Trade in Shenzhen. Additional counterfeit components were found in other pieces of equipment onboard at least seven aircrafts, all were sold to the U.S. Army by Raytheon and Boeing.

Unquestionably, the presence of such inferior and untested ICs in U.S. Navy nuclear submarines could have catastrophic and far-reaching consequences. Because counterfeit ICs are vulnerable to unpredictable failures, they can lead to property damage, costly repairs, and bodily injury even in the most benign of circumstances. However, when counterfeit ICs are used in systems of national importance, they also raise several national security concerns. Counterfeit ICs' histories are unknown, so it becomes unclear who has had access to them and how they have been altered. Such devices can be changed so that they contain malicious code or hidden backdoors that can disable systems, intercept communications, and intrude into computer networks. All of these issues imply massive consequences when placed in the context of U.S. national security. In an attempt to tackle this counterfeiting epidemic, a Senate Armed Services public hearing and its later report clearly identified counterfeiting as a major issue to address.

For a list of resources, click to next page.

Combatting Counterfeiting

Chip counterfeiting expert Ujjwal Guin shared these resources for help in detecting and reporting counterfeit ICs.

Reporting References